Sounds like what you do when mucus threatens to roll out of your nostril and down onto the ground unbidden. Ursnif.
But no. Ursnif (aka Gozi) is trojan malware spread via e-mail spam, targeting Japan—a top target—as well as North America, Europe and Australia.
While IT workers battle to contain and rid company computing systems of the troublesome malware, new attacks in Japan show that the hackers have developed new evasion techniques, ensuring that the virus keeps mutating.
My gal pal FFF, a reader of this here blog, alerted me to the situation… a battle of computer savvy of epic proportions featuring Ursnif/Gozi that has actually been going on for years.
Starting this past September, Japanese banks have been especially hard hit.
Along with targeting banks, the Japanese malware variation has been targeting user credentials for local webmail, cloud storage, cryptocurrency exchange platforms and e-commerce sites.
Ursnif/Gozi was first discovered in 2007 (Buddha knows how long it was around before being discovered).
The original malware targeted only English-speaking countries… until 2010, when source code for the Trojan was accidentally leaked. That led to the development of Ursnif v2, which adopted web-injection techniques and leveraged a hidden virtual network computing (hVNC) feature.
By the end of 2010, it was attacking banks in the U.S., U.K. and Europe (implying that the U.K. isn’t geographically part of Europe, despite its political exit from the European Union… it’s still Europe).
Now in 2017, Ursnif/Gozi is affecting banks in Japan, Australia, the U.S., Bulgaria, the Czech Republic, Poland and Spain (the latter four considered to be “Europe”). (You know I’m just being snide and sarcastic there.)
Apparently, Ursnif/Gozi accounts for 21% of current banking-malware attacks, just behind Zeus at 24%.
What does Ursnif do? The most up-to-date version of it performs: script-based browser manipulation, web injections, man-in-the-browser functionality, form grabbing, screen capture, session video grabbing and hidden VNC and SOCKS proxy attacks.
I won’t even pretend I know what some of that means.
I had never even heard of these: malspam and exploit kits. I won’t even add a joke here.
Against Japan, malspam is the popular form of Ursnif delivery.
Why target Japan? “The history of organized cybercrime in Japan is not very long,” explains Kessem. “In most cases of malware migration, cybercriminal groups with adequate resources are looking for easier money, less security and an element of surprise for users who are less accustomed to their spam ploys and social engineering during the banking session.”
As a side note, I find spam to be interesting…
Not the virus crap poor IT professionals have to dig through, but rather the simple cons that begin with a simple e-mail from some stranger contacting you out of the blue asking for help in return for butt-loads of money.
I had collected a whole mess of spam e-mails and was going to create a blog showing off the latest in cons via e-mail, but decided ultimately that I didn’t have enough time in the day to keep it going, having just one year ago accepted the job of coaching kids’ baseball and even hockey.
Of course there would have to be one featuring the classic Nigerian prince; help in funneling money out of some country where citizens are not allowed to withdraw money from a bank; e-mails from people who start by calling you ‘Darling’; and messages telling you that your e-mail or banking data information has been breached.
Did you know that I sometimes get spam sent to me apparently from my own e-mail account? It says it’s my address… but WTF? Do I mark the e-mail as Junk or Spam, or will that suddenly make ALL of the e-mails I send become Junk or Spam? I don’t know.
Trust me… if you receive an e-mail from me, unless I call you by your actual name somewhere in the e-mail - it ain’t from me. Personalizing any message is important (unless it’s the 3rd or more in a long chain of quick messages).
I recently rec’d vicious and profane messages directed to this blog as comments - some 3 a minute until I had over 300 comments over two separate attacks… but since I insist that all comments remain unpublished until I personally approve them, I could just designate them all as junk/spam.
What was annoying was that after I wrote about the “attack” here in this blog, I received another flurry of commentary attacks.
I never responded to a single comment - mostly because I never “published” them and instead tagged them as junk/spam and then deleted them.
The hacker told me his name, his e-mail address and phone number. Why? I’m not sure, but I would bet that utilizing any of them could have actually opened up the door for further harassment.
Just yesterday, while at work, my cellphone rang. Not many people know the number. Certainly not the Canada Revenue Agency, as some robotic message tried to tell me I had to call them or be arrested. Like I said, no one has that number.
Here’s what a fellow complainant wrote about his/her issue with the same phone number, 647-749-2251:
Automated message at 12:10 from the “CRA” stating there is a warrant out for my arrest for tax fraud. Need to call them back immediately. Called. "Officer" said they came to my house earlier with a letter from the CRA, nobody opened. So, I will be arrested. Police unit is on the way. Stay home, don't hang up. You could avoid arrest if you pay around 5000K. It could be done via Shoppers or Walmart. Should buy 20 gift cards...
Sadly, not everyone is hip to scams like this and might actually be concerned enough to do as requested.
People… the Canada Revenue Agency does not want gift cards. They would want their money, and would give you many different scenarios to pay back any money owed… perhaps even as determined in a court of law. Whatever. Tax trouble? Call a lawyer.
Anyone asking you for money and you haven’t slept with them multiple times (for free) - why are you giving them money? Tell someone, ask for advice, proceed carefully.
Anyhow… with regards to the CRA phone scam, no robot message is calling anybody to threaten them. The CRA has people who are robotic to do that.
I love how even the robotic message fails to use proper English grammar. I’m fairly sure that the CRA would have grammar that originated from a native speaker.
Thank your lucky stars that there are people like FFF on the job keeping you as safe as humanly possible from the hackers.
And fer crissakes... help yourselves... if you see an e-mail that causes you pause... it's causing you pause for a reason... send it to the Junk or Spam folder. Look up the particulars online, and act accordingly.
Never open up "puzzling" material just because you are puzzled. Your IT department will thank you in their prayers to HAL later.
Hours after publishing this, I received a spam e-mail—a type I haven't received in a while:
Hi mreman, my name is Yulia and I'm from Russia, but currently living in the USA.
Two weeks ago I found your profile on Badoo and must say I can't forget that face :-)
You are super cute and I would like to know you more!
If it's mutual, email me, this is my email email@example.com and I will send some of my photos.
At least the "ru" designation on the e-mail provided is legitimate for mother Russia... but I've never been on Badoo. I don't even know what it is.
PS: Just in case you didn't know it... in the books and movies of 2001: A Space Odyssey, by Arthur C. Clarke, the malfunctioning computer is named HAL... one letter each removed from IBM.
PPS: The monolith is meant to represent a fuel cell that is supposed to be part of more fuel required to ignite Jupiter into our solar system's second star. Most solar systems are binary or trinary star systems. Jupiter, Saturn, Uranus and Neptune are all gas giant planets that lack enough fuel to ignite into a star like our sun, Sol. I think they are called brown dwarf stars, but gas giant planets will suffice. Now the movie should make more sense.